njrat | 3d505e7f7ef84c21a29d6d4657bf787b4718dd6ee74f3d229802050e4b517059 | Triage

Sharing

General

Target

3d505e7f7ef84c21a29d6d4657bf787b4718dd6ee74f3d229802050e4b517059
Size

121KB
Sample

221002-q16zyaagdn
MD5

6b81126c307915a5a77c45333281eaa0
SHA1

68e92d9ac8b68d8e371ca6dadcd7f35c9684bb62
SHA256

3d505e7f7ef84c21a29d6d4657bf787b4718dd6ee74f3d229802050e4b517059
SHA512

92c91ede713ccc549b9b2f465f99d9a040336c19c79144904a0b2e5cdc922280c25c362937871dc0d219135379218cb8950fcf71ef9eb3e1e92eae19109d307c
SSDEEP

1536:UeEvwIZMRWuAQOQ/d8w6DgqAxFdtaF1Mxt:UeYwIe0SN/d/6D+xI0r

Score

10^/10

njrat hacked microsoft phishing

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

kurdkar.no-ip.biz:5552

Mutex

b6cf86d39a1bbe3789210a2370f341a2

Attributes

reg_key
b6cf86d39a1bbe3789210a2370f341a2
splitter
|'|'|

Targets

- Target
  
  3d505e7f7ef84c21a29d6d4657bf787b4718dd6ee74f3d229802050e4b517059
- Size
  
  121KB
- MD5
  
  6b81126c307915a5a77c45333281eaa0
- SHA1
  
  68e92d9ac8b68d8e371ca6dadcd7f35c9684bb62
- SHA256
  
  3d505e7f7ef84c21a29d6d4657bf787b4718dd6ee74f3d229802050e4b517059
- SHA512
  
  92c91ede713ccc549b9b2f465f99d9a040336c19c79144904a0b2e5cdc922280c25c362937871dc0d219135379218cb8950fcf71ef9eb3e1e92eae19109d307c
- SSDEEP
  
  1536:UeEvwIZMRWuAQOQ/d8w6DgqAxFdtaF1Mxt:UeYwIe0SN/d/6D+xI0r
Score

5^/10

microsoft phishing
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftphishing